Nemertes Issue Paper

Overview:
The data center is undergoing a radical shift, from virtualization towards internal cloud environments where workloads dynamically move, start and stop driven by real-time performance needs. At the same time, IT practitioners are interested in exploring external cloud computing options---but security and compliance concerns are squelching adoption.

A key concern is trust. Moving to a cloud provider shifts the burden of trust onto the provider--something that few providers are able to handle today. To overcome this concern, responsibility for security and compliance needs to stay with the customer. This requires an overhaul of security practices – the same practices we’ve been using for 15 years. We need new security and compliance controls that span the physical, virtual, cloud continuum (not everything will be virtual so security must continue to protect physical assets). We also need security controls that are location-aware and dynamically enforce policy regardless of workload location. This requires an adaptive perimeter defense and restoration of depth for defense in depth.

All IT functions are heading into the clouds: Cloud computing, cloud storage, cloud collaboration, cloud content management, cloud unified communications and even cloud security and compliance. Yet, security and compliance concerns are holding back adoption.

Nemertes’ PilotHouse Awards recognizes how vendors and service providers perform in the eyes of their business customers. What makes Nemertes’ PilotHouse award so unique?

The winners of the Nemertes PilotHouse Awards represent the “movers and shakers” among communications and computing vendors, and their customers, the IT practitioners deploying those technologies.

Vendors:

Tuesday, September 8, 2009 2:00 PM - 3:00 PM EDT

It’s highly likely that in a few years, we’ll be looking back at 2009 as the year when everything changed for IT. The recession literally decimated IT forces, or worse: Sixty-seven percent of organizations are decreasing their IT departments by an average of 17%.

Nemertes Issue Paper

Overview: Whether an organization’s virtual workers are at a branch location, on the road, or working from home, they require IT support to stay connected to the rest of their team. The IT department’s challenge is to make sure these workers get predictable, high-performance access to applications and data no matter where they reside. The problem: Only 18% of branch locations (and virtually no telecommuter sites) house IT expertise.

Overview:

Speaks to the IT manager concerned with security. Introducing virtualization into a data center increases the complexity of the environment and presents a new “threat surface,” the hypervisor and its associated management tools, to attack.

Tuesday, August 11, 2009 2:00 PM - 3:00 PM EDT

Overview:

Overview

Overview

Groundbreaking research into the effects of server, desktop, and application virtualization on the operations and organization of IT, including useful metrics and practical advice to IT.

Exploring what is now driving IT to virtualize servers and desktops, what returns they are seeing, and the challenges they face as they proceed.

Overview:

Speaks to the IT manager concerned with security. Introducing virtualization into a data center increases the complexity of the environment and presents a new “threat surface,” the hypervisor and its associated management tools, to attack.

Organizations are moving virtual servers out of test and development systems and into
production, whether to improve agility, reduce costs, or grapple with limitations in the data
center. In doing so, they are faced with new issues of governance, security, management, and
compliance. Many IT executives are also beginning to apply the lessons they have learned from

The 2008 Nemertes Research PilotHouse Awards dinner for Virtualization was held Sunday, November 16, 2008 at the Grand Hyatt San Francisco.

PilotHouse and Innovator Award winners were recognized and honored for their achievements.

Nemertes 2008 PilotHouse Awards - Desktop and Server Virtualization

Nemertes PilotHouse Award program recognize virtualization vendors and service providers
demonstrating outstanding achievement and superior performance in areas such as customer
service, technological innovation, value and strategic product development.

In our research on enterprise virtualization use, we have heard many a server admin, data center director, and service engineer complain that as they have virtualized servers, it has gotten harder for people to find things when they need them.

Overview:

Nemertes Market Analysis: Virtualization Security

Nemertes Research has launched a groundbreaking project that provides in-depth analysis of Server & Desktop Virtualization Research . The project includes the following components:

Market Analysis

In this piece of the project, Nemertes’ team of expert analysts will define critical product and service categories in the virtualization market, the key trends and conditions within each, and will analyze key vendors and their products and positioning.

The Market Analysis covers the following market segments:

• Security
• Desktop and Server Platforms
• Management

If you would like to be included in this Market Analysis, please contact John Burke at john.burke@nemertes.com.

Benchmark

Nemertes built its reputation on its one-of-a-kind benchmarking.
Senior analysts will interview 100-150 IT executives, and provide data,
analysis, and insight on best practices for Server & Desktop Virtualization. By thoroughly analyzing real deployments, Nemertes will uncover::

• What servers and services, and whose desktops, are being virtualized first, and why?
• The reasons for not virtualizing particular services, servers, or desktops.
• How to build a business case for moving to virtualized servers and/or desktops.
• The criteria for selecting the right virtualization platform.
• How does the IT organization change to reflect a virtualized infrastructure?
• How organizations build a secure and manageable virtual infrastructure.

All clients have access to all Nemertes research deliverables. Clients can contact client-services@nemertes.com for
further information.

Non-clients, or vendors or carriers who want more information may contact Kathy Cardinale, kathy.cardinale@nemertes.com
(vendor/carrier/service provider sales) or John Dofter (enterprise sales).

IT decision-makers who would like to participate in the research should contact John Dofter, john.dofter@nemertes.com.

The Issue:

Server virtualization is one of the most-discussed technologies of the past
few years. We find that although some organizations are already generating
substantial savings with virtualization in their production environments, the
majority of participants in Nemertes’ Security and Information Protection
benchmark research are not yet using virtual servers in production. They plan to,
however, looking for the increased resource utilization, broader platform
standardization, and deeper management automation that server virtualization
enables.

As virtual servers move into production, IT needs to address security and
compliance issues. Unfortunately, most participants in the benchmark, when
asked how they secure their virtual servers, say they treat them like physical
servers as much as possible! Sensibly, they use host-based security such as antivirus
and anti-malware agents. However, they also use network tools to protect
virtual servers exactly as if they were simply very thin, very densely stacked rackmount
boxes.

The Issue:

Server virtualization is one of the most-discussed technologies of the past few years.
We find that although some organizations are already generating
substantial savings with virtualization in their production environments, the
majority of participants in Nemertes’ Security and Information Protection
benchmark research are not yet using virtual servers in production. They plan to,
however, looking for the increased resource utilization, broader platform
standardization, and deeper management automation that server virtualization
enables.

As virtual servers move into production, IT needs to address security and
compliance issues. Unfortunately, most participants in the benchmark, when
asked how they secure their virtual servers, say they treat them like physical
servers as much as possible! Sensibly, they use host-based security such as antivirus
and anti-malware agents. However, they also use network tools to protect
virtual servers exactly as if they were simply very thin, very densely stacked rackmount
boxes.

For more information, contact:

Nemertes Research
Phone: 888-241-2685
research@nemertes.com

Server Virtualization Requires Shift in Security
Thinking

Analysis of risk factors sharpens
security focus

New York, NY – Feb. 12, 2008 – Rapid adoption of server virtualization is forcing companies to think about the security implications of virtualization.

Most IT departments currently secure physical and virtual servers the same way. Unfortunately, consolidating servers into a pool of virtual machines interconnected by virtual networks invalidates many of the assumptions that underlie current data center security techniques. While the focus has been on the security of the hypervisor, the real risks may lie elsewhere.

“As server virtualization has gained acceptance in corporate data centers, security has gone from an afterthought to a serious concern,” says Andreas M. Antonopoulos, senior vice president of Nemertes Research. Much of the focus has been on the technologies of virtualization rather than the operational, organization and economic benefits the technologies offer companies. For server virtualization to deliver its benefits as securely as possible, companies need to conduct a more rigorous analysis of the risks associated with it. “Part of the uncertainly arises because most companies do not have a good understanding of the real risks surrounding virtualization, “says Antonopoulos.

A risk analysis of large‐scaled and dynamic virtual server environments

Executive Summary

As virtualization has gained acceptance in corporate data centers, security has gone from afterthought to serious concern. Much of the focus has been on the technologies of virtualization rather than the operational, organizational and economic context. This comprehensive risk analysis examines the areas of risk in deployments of virtualized infrastructures and provides recommendations

Sun announced that it will ship a hypervisor, xVM, and a management product, xVM Ops Center, aimed specifically at heterogeneous virtualized infrastructure. xVM combines a stripped-down version of Solaris with the Xen open-source hypervisor to provide a somewhat light-weight virtualization infrastructure that can use core Sun/Solaris technologies for storage virtualization and for avoiding hardware-based service interruptions.

Backup is a huge challenge for small and medium businesses. Tape drives are expensive and to really safeguard data you have to send it offsite. Add to that the risk of information disclosure and backup becomes a real headache. Online storage seems to be the answer, but how do you trust a third party with your data?

Well... you don't: You give them an encrypted copy that only you can read. Better yet, create multiple encrypted copies and spread them around multiple providers ensuring that you can reconstruct the data from a subset of all the copies. A bit like RAID: A redundant array of inexpensive storage providers (RAISP?). Throw some P2P in the mix and you can also include disk space on millions of home computers (or co-worker laptops) in the storage equivalent of SETI@Home.

The New York Times is reporting on ClearSafe, a startup open-source company developing a distirbuted encrypted P2P storage solution.

Table of Contents
1 EXECUTIVE SUMMARY 4
2 THE NEW DATA CENTER 5
2.1 OVERVIEW 5
2.2 KEY THEMES 5
3 COMPUTING 8
3.1 PLATFORMS 8
3.2 OPERATING SYSTEMS 9
3.3 DENSITY OF SERVERS IN THE DATA CENTER 10
3.4 BLADE SERVERS AND VIRTUALIZATION 13
4 SERVER VIRTUALIZATION 15
4.1 INTRODUCTION TO SERVER VIRTUALIZATION 15
4.2 VIRTUALIZATION CURRENT STATE 17
4.3 VIRTUALIZATION COST SAVINGS 20
4.4 SERVER VIRTUALIZATION SOLUTIONS 21
4.5 VIRTUALIZATION FOR SERVER CONSOLIDATION 23
4.6 VIRTUALIZATION AS ABSTRACTION LAYER 29
4.7 VIRTUALIZATION FOR BUSINESS RECOVERY 31
4.8 VIRTUALIZATION AND LIVE-MIGRATION FOR MAINTENANCE OR LOAD BALANCING 34
4.9 VIRTUALIZATION FOR TESTING AND QUALITY ASSURANCE 37
4.10 VIRTUALIZATION FOR PATCHING 40
4.11 VIRTUALIZATION FOR SECURITY 41
4.12 VIRTUALIZATION FOR THIN-CLIENT DESKTOP 44
5 CONCLUSIONS AND RECOMMENDATIONS 48

In our recent research benchmark on data centers, Nemertes Research discovered many different approaches to server virtualization. Some companies are combining virtualization with blade servers in a double-barreled approach to modernizing the data center. Others are aiming to bring a halt to the rampant growth of servers by moving many barely utilized services to virtual machines.

One thing was clearly obvious from our research: The best starting point for server virtualization is the consolidation of “low-hanging fruit.”

Virtualization can actually increase complexity

By Andreas M. Antonopoulos, Network World, 01/24/06

Virtual-machine technology gained visibility in 2005 as companies consolidated servers and deployed shared resources to reduce spending on new servers.

Research analyst Andreas Antonopoulos identifies best-of-breed tools for the next-generation data center.

By Andreas M. Antonopoulos and Andreas Antonopoulos, Network World, 10/24/05

By now we're all well versed on the attributes of the "new data center," characterized by service-oriented applications running over a virtualized service-oriented infrastructure. This next-generation data center brings the benefits of agility, lower operational costs, better utilization and rapid application deployment.